Use the below code to add this video to your website.
With the sophistication of cyber attacks, claims growth, and now, a global pandemic driving an increasing number of businesses toward remote work, it's no question the cyber insurance industry has had to evolve rapidly since its onset.
However, Steve Robinson, National Cyber Practice leader for managing general agent and wholesale insurance broker Risk Placement Services (RPS), says one secret to tackling a growing number of challenges in cyber insurance could be a return, in part, to the industry's early days.
"Nobody wants to say the "s" word these days, but sublimits - we've started to see it in measured amounts from certain insurers," he says in this episode of the Insuring Cyber Podcast. "I really believe that's going to become the norm and is really kind of returning us back to where this started when cyber extortion, which is the part of the policy that covers ransomware attacks, used to be offered at a $100,000 or a $250,000 sublimit early on...I think we're going to start to see definitely...a return back to that model in order for insurers to be able to have this remain a viable coverage."
For this episode, Insurance Journal's Elizabeth Blosfield caught up with two insurers - RPS and Beazley - who were early players in the cyber insurance space to reflect on the beginnings of cyber coverage and discuss how the industry has matured since then.
"At the industry's onset there, frankly, weren't claims," says Kristen Dauphinais, head of US Cyber & Tech for specialist insurer Beazley, during this podcast episode. "It was a very new cover, so the claims data did not really present itself. In the breach world when breaches began, it could be as simple as somebody losing a laptop to somebody hacking in and stealing information. The challenge that exists right now is that the ransomware events are much more frequent and much more severe and trigger so many different aspects of the policy."
Indeed, Beazley initially entered the cyber insurance industry in 2005 with its InfoSec policy, Dauphinais says, and quickly learned that a solution was needed for breach response that would make clients, particularly in the middle market and the small to medium-sized enterprise sector, feel more secure. It launched its Beazley Breach Response policy in 2009, which brought risk management services and support in addition to an in-house breach response team.
"What we learned through that process, what we've learned by having that connection with the clients, is just how overwhelming and stressful these events are and how much they need in terms of support and services and education and coaching through those events," she says. "As the breach world has evolved, as the claim world has evolved, the coverage has also developed. I think that's been a very important part of meeting insured needs and responding to the environment and making sure that clients are receiving a 360 approach."
Despite how much has changed since the beginnings of cyber insurance, however, Robinson says there's still work to be done to increase buying, particularly among small businesses.
"The unfortunate reality of cyber insurance, as I still believe, the take-up rate remains relatively low," he says. "I would say less than half of small businesses still are not protecting as part of their strategy. They're still not taking [cyber risk] seriously from a "do we need to buy the insurance?" standpoint."
He goes on to explain that in the beginnings of cyber coverage, industries such as manufacturing and construction, for example, weren't considered big targets for breaches. At the time, he says breaches were primarily focused on theft of personally identifiable information like credit card and social security numbers.
"Over the last few years, that attack vector has changed greatly, and it's now more about restriction of access to the network," he says. "While that network is down, you have all of these other expenses that mount while you're not able to conduct business. That's been a big, big change....so good cyber coverage is going to be comprehensive, going beyond just online interference to areas like private data and communications in all of its formats."
To find out what else Kristen and Steve had to say, check out the latest Insuring Cyber Podcast episode, and be sure to check back for new episodes every other Wednesday published along with the Insuring Cyber newsletter. Thanks for listening.